[57] ABSTRACT

A modem suitable for transmitting encrypted data over 
voice-grade telephone line. The modem is implemented 
by the combination of integrated circuit components 
including a microprocessor, a serial communications 
controller which communicates with connected data 
terminal equipment, and a modulator/demodulator for 
translating between voice band tone signals and digital 
data. Pseudo random number generators are employed 
at both the transmitting and receiving stations to supply 
identical sequences of encryption keys to a transmitting 
encoder and a receiving decoder. An initial random 
number seed value is made available to both stations. 
The random number generators are advanced at times 
determined by predetermined characteristics of the data 
being transmitted so that, after transmission has taken 
place, the common encryption key can be known only 
to the transmitting and receiving stations. 
ENCRYPTED DATA TRANSMISSION SYSTEM EMPLOYING MEANS FOR RANDOMLY ALTERING THE ENCRYPTION KEYS

BACKGROUND OF THE INVENTION

This is a continuation-in-part of application Ser. No. 07/418,178 filed on Oct 6, 1989.

A computer program listing is submitted herewith as a microfiche appendix having 119 frames on 2 microfiche.

This invention relates to data transmissions systems and, more particularly, to systems for transmitting enciphered data.

Data encryption provides security for transmitted data by scrambling the "clear text" data into "cipher text". Typically, the transmitted data is scrambled in a manner selected by a unique key value (such as a 56-bit binary number) and unscrambled, at the receiving station, by a reverse process that requires the same key value be known.

For increased data security, the encryption key value may be changed frequently to further reduce the likelihood that an unauthorized party may decipher the data. In such systems, new key values are sent at intervals from the transmitting station to the receiving station. The keys may be generated by a random number generator located at the transmitting end, encrypted in accordance with the currently active key, and transmitted along with the other data. At the receiving station, the encrypted key is extracted from the data stream, deciphered, and substituted at a designated time for the prior key. In such a system, if any of the transmitted keys are deciphered, the successive keys may be deciphered as well, so that all of the transmitted information may be decoded.

In accordance with a principal feature of the present invention, pseudo-random number generators are employed at both the transmitting and receiving stations to supply a like sequence of encryption keys to both the encryptor and decryptor, without these keys being transmitted in any form over the transmission facility. In accordance with the invention, to permit the two stations to communicate, each is supplied in advance with a random number seed value which exclusively determines the numerical content of the sequence of numeric values generated by each of the two pseudo-random generators. In order that the two generators switch from one output key value to the next in synchronism, means are employed at both the transmitting and receiving stations to monitor the flow of transmitted data and to advance the random number generator each time the transmitted data satisfies a predetermined condition.

The monitoring function can advantageously be performed simply by counting the units of data being transmitted and by advancing each pseudo-random key generator each time the count reaches an agreed-upon interval number. In this way, no additional synchronization information needs to be added to the data stream. For even greater security, the interval number (which must be reached before the key is switched) may itself be a changing value generated by a random number generator, so that the duration during which a given key is active changes from key to key at times which are predictable only by the authorized recipient.

In accordance with still another feature of the invention, different random number seed values and different interval numbers (or different random number seed values for the generator of the interval numbers) may be associated with each of a plurality of remote locations with whom secured communication is required, so that the data on any given link is decipherable only by the authorized receiving station, even though other stations may have identical communication and decryption hardware.

As a consequence of the foregoing feature, the invention may be used to advantage to control communications within a network. A key memory is provided which permits a unique serial number identifying a remote unit to be stored along with the current encryption key value, the serial number and key value being stored on command from the local unit or by being downloaded from a remote unit which serves as the host or network supervisor. Once the host station has supplied the initial seed value keys to the units forming the [illegible] terminal locations for a given link and transmission over the link begins, the host no longer knows the encryption key values since they are dependent upon the nature of the transmission over the link. Consequently, [illegible] cannot be compromised even by [illegible] who has possession of the initial key values supplied by the host.

As contemplated by still another feature of the invention, the encryption and decryption may advantageously be accomplished within a modem unit which also performs data compression and decompression, as well as error-handling functions. Advantageously, the compression, encryption and error-coding functions may all be performed (in that sequence) at the transmitting station by the same processor, while a like processor at the receiving end is suitably programmed to provide, in sequence, the error control, decryption, and decompression functions.

The principles of the invention may be applied to advantage in terminals connected as part of a secured communication network operating under central control. A key memory at each terminal may be loaded, by a secure communication from the central control, with encryption keys associated with other terminals with which secured communication is authorized. In this way, the central control can selectively permit or prohibit any terminal from decoding communications from other terminals on a dynamically changing basis.

These and other features and advantages of the invention may be more clearly understood by considering the following detailed description of specific embodiments of the invention.

BRIEF DESCRIPTION OF THE DRAWINGS

[illegible] description to follow, reference will frequently be made to the attached drawings:

FIG. 1 is a functional block diagram illustrating the basic [illegible] processing steps which embody the invention;

FIG. 2 is a hardware block diagram which shows a modem apparatus of the type contemplated by the invention;

FIGS. 3A, 3B and 3C are schematic representations which, in combination, illustrate a preferred embodiment of the modem apparatus of FIG. 2; and

FIG. 4 is a functional block diagram illustrating enhanced signal processing capabilities used in the preferred embodiment of the invention.






5,412,730 


DESCRIPTION OF THE PREFERRED EMBODIMENT

FIG. 1 — Basic Processing

FIG. 1 illustrates the manner in which the data being transmitted is subjected to a sequence of signal processing steps as contemplated by the present invention. These processing steps are executed at a transmitting station 11 and at a receiving station 12 connected to opposite ends of a communications channel 13.

At the transmitting station 11, a source of data 15 supplies a serial data stream to the data input of an encryptor 17. The data from source 15 may take substantially any form, such as a file of text characters, each encoded as a 8-bit byte, or a file of numerical binary information expressed in 16-bit or 32-bit words. A block counter 21 monitors the stream of data from the source 15 and generates an "advance signal" each time the data meets a predetermined condition. Advantageously, the block counter 21 may simply count the number of bytes (characters), words or blocks of data being transmitted, compare the current count with a predetermined "interval number" and produce an advance signal each time the current count reaches the interval number (at which time the current count is reset to 0).

The advance signal produced by block counter 21 is supplied to the advance input of a pseudo-random number generator 23 which supplies a sequence of encryption key values to the key input of the encryptor 17. The content of the key sequence is predetermined by the combination of (1) the internal makeup of the generator 23 and by (2) a supplied random number seed value which initializes the generator 23. The generator 23 responds to each advance signal from block counter 21 by changing its output to the next successive encryption key value. Thus, for example, the combination of counter 21 and generator 23 operate to change the encryption key each time the total number of bytes transmitted is an exact multiple of the predetermined interval number.

The encryptor 17 translates fixed length segments of the data from source 15 ("clear text") into fixed-length "cipher text" output segments, each segment translation taking place in a manner uniquely determined by the encryption key currently supplied by the pseudo-random number generator 23. The encryptor 17 (and the decryptor 19, to be discussed) may advantageously employ the accepted NBIS Data Encryption Standard (DES), which codes and decodes data in 64-bit (8 byte) units in accordance with a 56-bit key. The block counter 21 need not supply advance signals on boundaries between encryption units, nor does the generator 23 need to provide a new key value precisely on encryption unit boundaries. Instead, the encryptor 17 may buffer the new key temporarily, using it for the first time on the next successive encryption unit of data.

At the receiving station 12, the incoming cipher text is applied to the data input of the decryptor 31 whose key input is connected to receive a sequence of keys from the pseudo-random number generator 27. The clear text output from the decryptor 31 is applied to a data utilization device 33 and is monitored by a block counter 29 which supplies advance signals to the number generator 27. Block counter 29 performs the identical function as that performed by the counter 21 at the transmitting station 11 and hence supplies advance signals to the generator 27 at precisely the same times (relative to the data stream) that counter 21 advances generator 23. Each time the current count reaches the interval number, the pseudo-random number generator 27 is advanced. Since the internal makeup of random number generator 27 is identical to that of generator 23, and since it is supplied with the same seed value, and since block counter 29 is supplied with the same interval number value as that supplied to the block counter 21, exactly the same sequence of keys will be supplied to the random number generators 23 and 27, and the keys will change at precisely the same time (relative to the data stream) to accurately decipher the transmitted data.

Of course, in order for the receiving station to successfully decipher the incoming cipher text, the receiving station 12 must be provided (in some fashion) with both the correct seed value and the correct interval number. These values are supplied to the receiving station in advance of the transmission by any secure means. However, once the receiver possesses these values, no further information is required to decipher the transmissions. No key values, key verification values, or key synchronization signals need accompany the transmitted ciphered text to control or coordinate the encryption or decryption processing, even though the encryption [illegible] continuously changing to enhance security.

FIG. 2 — Hardware

The principles of the present invention may be advantageously implemented in a data communications modem having a hardware architecture of the type depicted in FIG. 2 of the drawings. As shown, the modem operates under the supervisory control of a microprocessor 101 such as the model 80188 microprocessor available from Intel Corporation. The instructions and data operated on by the microprocessor 101 are stored in a memory subsystem 103 which is composed of both read-only memory (advantageously implemented as EPROM memory) and random access memory (RAM). Memory subsystem 103 is coupled to the microprocessor 101 by a memory address bus 105 and a data bus 107.

The data bus 107 also provides a data path to three peripheral devices: a display 109, a serial communications controller (SCC) 111, and a modem module 113. The SCC 111 may take the form of an integrated circuit such as the model 82530 controller manufactured by Intel Corporation. The modem module 113 may be constructed using a modem unit 115, model R9696 chip set available from Rockwell International Corporation, a cooperating set of integrated circuits capable of performing trellis-coded modulation and demodulation meeting the V.32 9600 baud communications protocol standard, as well as the V.22 bis standard, and further includes analog/digital conversion circuits which provide an interface to a direct access adapter (DAA) 117. The adapter 117 may take the form of a type CH1828 integrated circuit DAA available from Cermetek Microelectronics, Inc.

The modem hardware shown in FIG. 2 is used at both ends of the communications channel. At the transmitting end, data to be transmitted is supplied by the connected data terminal equipment (DTE) via the serial port 121 (e.g., a RS-232c or RS-422 standard port). The asynchronous serial interface with the DTE typically operates under the combined control of the microprocessor 101 and the SCC 111 in accordance with a standard interface protocol (e.g., the V.42 standard protocol). The DTE (data terminal equipment) may be any terminal or computer adapted to communicate via this standard port using the selected serial protocol.

The encryption/decryption processing is essentially "transparent" to the DTE; that is, the data is enciphered and deciphered without affecting the content of the data sent by or received by the DTE. However, it is desirable to permit the connected DTE to send commands (such as extensions to the standard "AT command set") which will control encryption processing, turning encryption ON and OFF, and accepting seed values and interval numbers entered as "passwords" directly from the connected DTE.

Data signals from the DTE which are to be transmitted are encrypted as described above and shown in FIG. 1, the random number seed values and the interval number values being pre-supplied to the microprocessor 101 and stored in memory subsystem 103. At the receiving end, the modem module 113 shown in FIG. 2 receives the incoming data (typically as a 9600 baud trellis-coded signal adapted for transmission over the analog telephone link) and converts that incoming signal into data which is processed by microprocessor 101 and supplied via the SCC 111 to the connected DTE. In the receiving mode, microprocessor 101 decrypts the data as illustrated by the receiving station 12 in FIG. 1.

FIGS. 3A, 3B and 3C — Preferred Embodiment

FIGS. 3A, 3B and 3C, in combination, illustrate a preferred embodiment of the modem hardware shown in FIG. 2. It should be noted that the devices illustrated in FIGS. 3A, 3B and 3C which are common to the functional units in FIG. 2 are designated by identical "Drawing Reference Characters".

FIG. 3A illustrates the microprocessor 101, the memory subsystem 103, and various supporting logic. The crystal inputs X1 and X2 to the microprocessor 101 provide an external connection for a fundamental mode parallel resonant crystal 157 (Y1). The resonant crystal 157 is utilized by the internal oscillator of the microprocessor 101 to generate the clock signal, CLKOUT. In a preferred embodiment, the resonant crystal 157 has a fundamental frequency of 14.7456 MHz.

The memory subsystem 103 includes memory devices 103a-d. The "jumper points" are designated as "E1-E12". The "jumper points" facilitate implementing various types of memory devices and memory configurations employed by the memory subsystem 103. The memory subsystem 103 is discussed in detail below.

FIG. 3B illustrates the serial communications controller (SCC) 111, the serial port 121, the data terminal equipment (DTE), and various supporting logic. The integrated circuits 123, 124, 125, 127, 129, 131, 135 and 137 are utilized to time delay various signals from the microprocessor 101 and thereby provide orderly operation between the microprocessor 101, the SCC 111 and the modem unit 115. These integrated circuits also generate the synchronous ready signal and asynchronous ready signal, SRDY and ARDY, respectively.

As mentioned above, the data terminal equipment (DTE) communicates with the modem hardware over the serial port 121 (e.g., a RS-232c or a RS-422 standard port). FIG. 3B illustrates interface configurations to implement both a RS-232 interface standard and a RS-422 interface standard. The differential line drivers 149 (U25) and the differential line receivers 151 (U26) are employed to implement the RS-422 interface standard. The line drivers 139 (U20), 141 (U21), and 147 (U24) are employed to implement the RS-232 interface standard. It will be readily appreciated by those skilled in the art that although two types of interfaces are depicted, only one interface is actually utilized at one time. The integrated circuits employed to implement the interface standard not used are unnecessary.

FIG. 3C illustrates the modem unit 115, the direct access adapter (DAA) 117, the telephone interface 120, and various supporting logic. The micro-switch bank 155 (SW2) provides the user the option of "hard-wiring" the baud rate settings for the modem unit 115. In operation, the switch settings of the micro-switch bank 155 are passed to the modem unit 115, via the octal buffer 145 (U23), when the modem hardware is powered-up or reset.

TABLE 1, below, provides information on the model or type of devices employed in the modem hardware illustrated in FIGS. 3A, 3B, and 3C. TABLE 1 also provides one of several manufacturers and/or suppliers of the devices. TABLE 1 references the devices by "Drawing Reference Characters" and "Device Reference Designations" consistent with their usage in FIGS. 3A, 3B, and 3C.

TABLE 1

Drawing      Device
Ref. Char.   Ref. Desig.   Type        Manufacturer
101          U1            80188       Motorola, Inc.
103a         U2            27C256      Intel Corporation
103b         U3            27C256      Intel Corporation
103c         U4            JEDEC       Intel Corporation
103d         U5            JEDEC       Intel Corporation
119          U6            74ALS373    Texas Instruments, Inc.
123          U8            74HC163     Texas Instruments, Inc.
124          U9            74HC163     Texas Instruments, Inc.
125          U10           74HC163     Texas Instruments, Inc.
127          U11           24AS00      Texas Instruments, Inc.
129          U12           74AS04      Texas Instruments, Inc.
131          U13           74AS04      Texas Instruments, Inc.
133          U14           DS1232      Dallas Semiconductor
135          U15           74AS00      Texas Instruments, Inc.
137          U16           74AS00      Texas Instruments, Inc.
111          U17           82530       Intel Corporation
115          U18           R9696-DP    Rockwell International Corp.
117          U19           CH1828      Cermetek Microelectronics, Inc.
139          U20           74HC126     Motorola, Inc.
141          U21           DS14C88     Motorola, Inc.
143          U22           74HC374     Texas Instruments, Inc.
145          U23           74HC540     Texas Instruments, Inc.
147          U24                       Motorola, Inc.
149          U25           26LS31      Motorola, Inc.
151          U26           26LS32      Motorola, Inc.
153          B             CMB06       Star Micronics
155          SW2
157          Y1


The manufacturer specification sheets, commonly known as "Data Sheets", for the device model or type indicated above are hereby incorporated by reference.

As mentioned above, the memory subsystem 103 includes memory devices 103a-d. The memory subsystem 103 may be implemented using RAM, ROM and/or PROM type memory devices. TABLE 1 indicates the memory devices 103a and 103b are type 27C256, ultra violet erasable programmable read only memories (UV PROMs) manufactured by Intel Corporation. When either of memory devices 103a or 103b is a PROM type device, then both 103a and 103b should be implemented using PROM type devices.
Memory devices 103a and 103b may also be type HM62256LP-SL series or HM62256LFP-SL series CMOS static RAM manufactured by Hitachi America, Ltd. Further, memory devices 103c and 103d may also be type HM62256LP-SL series or HM62256LFP-SL series CMOS static RAM. It will be appreciated by one skilled in the art that a JEDEC type RAM, memory devices 103c and 103d, is a RAM that conforms to the industry standards regarding the integrated circuit packaging. The type HM62256LP-SL series or HM62256LFP-SL series CMOS static RAM devices meet JEDEC standards.

The storage capacity of the memory subsystem 103 may be increased or decreased in relation to modem hardware and/or modem software requirements. For example, memory subsystem 103 may be configured using 128K type, 256K type, and/or 512K type RAMs/ROMs/PROMs. The "jumper points" facilitate implementing various memory device types and memory configurations of the memory subsystem 103. The manufacturer, by way of a memory device's data sheet, provides configuration instructions. These instructions dictate "jumper point" usage.

The power and ground pins for the integrated circuits, the buzzer 153, and the micro-switch bank 155 of the modem hardware are not depicted in FIGS. 3A, 3B and 3C. TABLE 2, below, provides power and ground pin connections for the devices used to implement the modem hardware illustrated in FIGS. 3A, 3B and 3C. In particular, TABLE 2 indicates the pin connections to +5V, digital ground, analog ground, and +/-12V. TABLE 2 references the devices by the "Drawing Reference Characters" and "Device Reference Designations" consistent with their usage in FIGS. 3A, 3B, and 3C.

TABLE 2

Drawing     Device
Reference   Reference                          Digital              Analog
Character   Designation  +5V Pin(s)            Ground Pin(s)        Ground Pin(s)  +12V  -12V
101         U1           9, 21, 43             26, 46, 47, 50, 60
103a        U2           28                    14
103b        U3           28                    14
103c        U4           28                    14
103d        U5           28                    14
119         U6           20                    1, 10
123         U8           1, 4, 5, 7, 10, 16    3, 6, 8
124         U9           6, 10, 16             3, 4, 5, 8
125         U10          1, 4, 10, 13, 14      7
127         U11          14                    7
129         U12          14                    7
131         U13          14                    7
133         U14          8                     3, 4
135         U15          14                    7
137         U16          14                    7
111         U17          7, 8, 9               31
115         U18          1, 45, 61             29, 37, 53           30, 31

The bypass capacitors are not illustrated in FIGS. 3A, 3B and 3C. It will be appreciated by those skilled in the art that these capacitors have a first terminal connected to the power pin of the integrated circuit and a second terminal to ground. These type capacitors may have a capacitance value of about 0.01 microfarad.

FIG. 4 Enhancements

The principles of the invention may be advantageously employed to encipher and decipher data which is also compressed for enhanced transmission efficiency and combined with error detection/correction coding. Moreover, the invention may utilize a key storage system to store unique keys for different called and calling parties, and may employ means for varying the interval number in a random fashion so that the time durations during which particular encryption keys are active vary in unpredictable ways. These further enhancements to the system are depicted in FIG. 4 of the drawings which illustrates the preferred embodiment of the invention.

If the data signals are to be "compressed" for increased transmission efficiency (e.g., by Huffman encoding or the like), the compression processing of the data should precede encryption, because the encryption process inherently randomizes the data, eliminating the redundancy upon which efficient compression depends. On the other hand, error control processing (such as adding cyclic redundancy check (CRC) block checking codes) is best done after encryption in accordance with the invention, because successful synchronization of the advance signals from the block counters 21 and 29 requires substantially error-free data transmission (which the error-checking protocols insure).

As contemplated by the present invention, data compression, data encryption, and error control functions may all be performed by a single control processor. Thus, when a modem of the class shown in FIG. 2 of the drawings is employed, the microprocessor 101 operates on the outgoing data stream by first performing data compression, then performing the encryption step, and finally performing the error detection/protection processing before forwarding the data on to the modem module 113 for trellis coding and digital-to-analog conversion for transmission over the telephone network.

The signal processing functions used in this enhanced arrangement are shown in FIG. 4 of the drawings. In
FIG. 4 the functional units employed in the basic system shown in FIG. 1 are designated by the same numerals used in FIG. 1, and the description of those units need not be repeated.

A data compressor 34 is shown connected between the data source 15 and the encryptor 17. In the hardware as seen in FIG. 2, data compression may be conveniently performed by the microprocessor 101 on the data from the DTE obtained via the SCC 111. At the receiving station 12 as seen in FIG. 4, a data decompressor 35 is connected between the decryptor 31 and the data utilization device 33. Note also that, as depicted in FIG. 4, the data is monitored by the block counter 21 prior to compression, rather than afterwards. Correspondingly, at the receiving station 12, the block counter 29 monitors the data flow after it is decompressed. In this way, both counters monitor the same data stream. Both could be reconnected to monitor the compressed data stream if desired, however.

Error control processing is done by the error control coder 36 which, for example, might add cyclic redundancy check data to the data being transmitted to permit data correction in the error detector/corrector 37 at the receiving end, or to initiate a retransmission under the active error correction protocol. This error correction processing (at both ends) may be advantageously performed by the same microprocessor that performs the data compression and encryption functions.

To further enhance the security of the transmission, the duration of the interval during which each given key is active may be changed in a pseudo-random fashion. For this purpose, a pseudo-random number generator 38 is used at the transmitting station 11 to supply the interval numbers to the block counter 21. The generator 38 is advanced to a new number each time an advance signal is received from the output of block counter 21 over line 39 (so that a new interval number is supplied to the block counter 21 each time it advances the encryption key generator 23). Block counter 21 may simply load the interval number from generator 38 into an accumulator which is then decremented toward zero when it emits the advance signal to generator 23, at which time it is loaded with a new and different interval number from generator 38. At the receiving station 12, a pseudo-random generator 40 (which performs the same pseudo-random number generating process as the generator 38 at the transmitting station 11) supplies a sequence of interval numbers to counter 29. Generator 40 is advanced by the advance signals from counter 29 which also advance the encryption key generator 27.

The random number generators 23 and 38 at the transmitting station obtain their seed values from a key memory 50. Key memory 50 stores the random number keys indexed by destination (along with telephone dial-up numbers for automatic dialing). Similarly, at the receiving station, the seed values for the remote terminals from which the receiving station is authorized to receive information are stored in a key memory 60 connected to supply seed values to the generators 27 and 40. The key memories eliminate the need for authorized users to remember and enter keys before each transmission or reception.

In addition, the use of key memories allows the stations to be operated as terminals in a secure network under the control of a central station which, in separate transmissions over different secure links, enters (and erases) the keys needed by authorized sending and receiving stations connected to the network. In this way, the central station permits one network user to transmit to a single other user, or to "broadcast" to selected, authorized users on the network only, while enabling all terminals to use the network for unsecured transmissions.

The key memory within each station modem unit includes a lookup table comprising a plurality of entries, each of which stores control information concerning another station in the network. Advantageously, each table entry specifies:

(1) the serial number which identifies a remote hardware unit (and which corresponds to a serial number stored in the non-volatile memory of that remote unit);
(2) the current encryption key value (e.g. an 8 digit DES encryption key) to be used for communications to and from that remote station; and
(3) an optional dial-up telephone number (or comparable routing information used by the network switching system).

A switch operated by a physical key is also advantageously included in each station unit and has "security enabled" and "security disabled" positions. The key memory can only be loaded with values identifying one or more remote units with whom communications are authorized when the switch is in the "security disabled" position (typically when the unit is being set up by an authorized operator who has the physical key needed to disable the security switch). At that time, the table can be loaded either from a remote (host) station or by a local command which takes the form of an extension to the standard modem AT command set. That load command takes the form:

AT JSN KDESKEY PHONENUM

where AT is the AT command prefix, JSN is the letter "J" immediately followed by the serial number of the remote station with which communications is authorized, KDESKEY is the letter "K" immediately followed by an 8 character DES encryption key, and PHONENUM is the standard routing code (e.g. dial-up phone number string). In the preferred embodiment, up to 1000 serial numbers and keys, and up to 100 optional dial-up phone number strings (each with up to 39 digits) may be stored in the key memory lookup table.

To make a secured transmission, the calling station uses PHONENUM to establish the connection, and normal modem handshaking procedures are executed to establish a working data connection including standard parameter negotiations (e.g. the V.42 parameters if that protocol is being used). If the security key is enabled, and a secure transmission is being requested by the caller, the answering modem will not send its parameter message (the V.42 XID frame) until it receives one from the originator, this initial message including the (unencrypted) originator's serial number. The answering modem uses the received serial number to select the locally stored encryption key corresponding to that serial number, and encrypts its responsive XID frame using the fetched key. Thereafter, all transmissions between the originating and answering modems are encrypted and the encryption keys at each end of the secure link are thereafter altered in accordance with the encryption algorithm as heretofore described.

In accordance with an important feature of this arrangement, the host system may initially authorize communication between two connected units by supplying
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the appropriate serial numbers and initial key values 
(unique to an authorized link), but as soon as transmis- 
sion begins between the two units over the authorized 
link, the encryption keys are changed in ways that are 
unknowable to the host. As a consequence, knowledge 5 
of the initial seed values supplied by the host are of no 
further value and cannot be used to monitor ongoing 
communications over the authorized link. 
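The key-advance mechanism described above (a block counter loaded from an interval generator, advancing the key generator each time it reaches zero) can be modelled as follows. This is an added example, not code from the patent or its microfiche appendix; the SHA-256 chain, the XOR cipher standing in for DES, the 1 to 8 block interval range, the seed values and all names are assumptions, since the page does not specify the generators.

```python
import hashlib

def prng(state: bytes):
    """SHA-256 chain, an assumed stand-in for the page's unspecified generator."""
    while True:
        state = hashlib.sha256(state).digest()
        yield state

class Station:
    """One end: key generator (23/27), interval generator (38/40), block counter (21/29)."""
    def __init__(self, key_seed: bytes, interval_seed: bytes):
        self._keys = prng(b"key" + key_seed)
        self._intervals = prng(b"interval" + interval_seed)
        self.key = next(self._keys)[:8]           # 8 bytes, the size of a DES key
        self.remaining = self._next_interval()    # accumulator counted toward zero
        self.advances = 0

    def _next_interval(self) -> int:
        return 1 + next(self._intervals)[0] % 8   # 1..8 blocks (assumed range)

    def block_done(self) -> None:
        """Count one block; at zero, advance the key and load a new interval."""
        self.remaining -= 1
        if self.remaining == 0:
            self.key = next(self._keys)[:8]
            self.remaining = self._next_interval()
            self.advances += 1

    def crypt(self, block: bytes) -> bytes:
        """XOR with a key-derived pad (toy cipher, not DES), then count the block."""
        pad = hashlib.sha256(self.key).digest()
        self.block_done()
        return bytes(a ^ b for a, b in zip(block, pad))

SEEDS = (b"constructed-key-seed", b"constructed-interval-seed")  # constructed values
BLOCKS = [b"blk%05d" % i for i in range(40)]                      # constructed 8-byte blocks

def run_link(blocks, drop_index=None):
    """Pass blocks from transmitter to receiver, optionally losing one on the line."""
    tx, rx = Station(*SEEDS), Station(*SEEDS)
    received = []
    for i, block in enumerate(blocks):
        ciphertext = tx.crypt(block)
        if i != drop_index:
            received.append(rx.crypt(ciphertext))
    return received, tx, rx

if __name__ == "__main__":
    print(run_link(BLOCKS)[0] == BLOCKS, run_link(BLOCKS, drop_index=3)[0][3:] == BLOCKS[4:])
```

A single lost block leaves the receiver's counter one block behind, so every later key change lands on the wrong block. In this model every later key is a deterministic function of the two seeds and the number of blocks counted, so the seeds held in the key memories need the same protection as the keys themselves.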
Programming

The encryption and decryption operations may be performed by special
purpose devices, such as those widely sold to implement the DES standard
encryption method. As noted, however, the encryption function can be less
expensively added by suitable programming of the microprocessor 101 to
perform this function as well as the control, compression, and error
handling functions.

Working computer programs for use with an 80188 microprocessor appear in
the computer program listing in the microfiche appendix. These computer
programs perform the encryption, decryption, control, compression, and
error handling functions. The computer program listing appearing in the
microfiche appendix includes 14 modules, arranged alphabetically therein,
named: (1) "COMM.C"; (2) "COMMAND.C"; (3) "DISPLAY.ASM"; (4) "DISPLAY.H";
(5) "ENCRYPT.ASM"; (6) "EQUS.INC"; (7) "KEY_SCHD.ASM"; (8) "MAIN.C";
(9) "MODEM.ASM"; (10) "MODEM.H"; (11) "SCC.ASM"; (12) "STARTUP.ASM";
(13) "TEST.C"; and (14) "UTIL.C".

In the microfiche appendix, each computer program module includes a
comment section followed by a computer program listing. Comments are also
interspersed within the program listing. Each program is briefly described
below.

The "COMM.C" is a "C" computer language program that performs
communication routines. The "COMMAND.C" is also a "C" computer language
program that performs command processing routines. The "DISPLAY.ASM" is an
assembly language program that performs display initialization and display
interface. The "DISPLAY.H" is a "C" computer language program whose
function is to output LCD display strings. The "ENCRYPT.ASM" is an
assembly language program having the function "KEY_SCHD.ASM" which
calculates a sequence of 16 key-related values required in the DES
algorithm. This sequence is pre-calculated when the DES key is changed to
increase the speed of encryption and/or decryption.

The "EQUS.INC" is an assembly language listing that defines assembly
language names used in the system. The "MAIN.C" is a "C" computer language
program that performs modem supervisory control. The "MODEM.ASM" is an
assembly language program that facilitates interfacing with the modem unit
115. The "MODEM.H" is a "C" computer language program that provides
definitions and parameters for the firmware of the modem unit 115. The
"SCC.ASM" is an assembly language program that facilitates interfacing
with the SCC 111. The "STARTUP.ASM" is an assembly language program that
performs initial setup and POST routines. The "TEST.C" is a "C" computer
language routine that performs self-test and power-on self-check. The
"UTIL.C" is a "C" computer language routine that performs utility routines
for the modem unit 115.

The computer program modules written in the "C" computer language are
specifically designed for "MICROSOFT C 5.1". It should be noted that
computer languages other than "C" may be employed to perform the function
for which the "C" computer language modules were so designed.

Various preferred embodiments of the present inven- 
tion have been described. It is understood, however, 
that changes and modifications can be made without 
departing from the true scope and spirit of the present 
invention as defined by the following claims, which are 
to be interpreted in view of the foregoing. 
What is claimed is: 

1. A method for transmitting data comprising a sequence of blocks in
encrypted form over a communication link from a transmitter to a receiver
comprising, in combination, the steps of:

providing a seed value to both said transmitter and receiver,

generating a first sequence of pseudo-random key values based on said seed
value at said transmitter, each new key value in said sequence being
produced at a time dependent upon a predetermined characteristic of the
data being transmitted over said link,

encrypting the data sent over said link at said transmitter in accordance
with said first sequence,

generating a second sequence of pseudo-random key values based on said
seed value at said receiver, each new key value in said sequence being
produced at a time dependent upon said predetermined characteristic of
said data transmitted over said link such that said first and second
sequences are identical to one another, a new one of said key values in
said first and said second sequences being produced each time a
predetermined number of said blocks are transmitted over said link, and

decrypting the data sent over said link at said receiver in accordance
with said second sequence.

2. The method as set forth in claim 1 further including the step of
altering said predetermined number of blocks each time said new key value
in said first and said second sequences is produced.